The image below is from someone who was hacked and lost money in a transfer on the exchange without knowing why. I'm posting this to warn everyone and show how to better protect assets on an exchange.

Many people may be confused when looking at the transaction image. In essence, it shows a transfer-out transaction, meaning a transfer from the trading wallet to the funding wallet, NOT a withdrawal of money from the account.

Brothers, you need to clearly distinguish between:

  • Internal transfer: a transfer between wallets in the same CEX account

  • On-chain withdrawal: a withdrawal of assets to an external blockchain wallet

👉 If it is a real withdrawal, you must be able to see clearly where the withdrawal went. If there is no on-chain withdrawal transaction, you cannot conclude that the account was hacked and the money withdrawn.

The most dangerous scenario to be aware of

In similar cases, there is a high possibility that the email has been leaked and that the authenticator was backed up to that email.

On most CEXs today, creating a withdrawal request requires only an OTP from email plus the authenticator. If hackers gain access to both the email and the authenticator → they can create withdrawal requests themselves.

Hackers can even move CEX emails to spam so that the mail app does not show withdrawal notifications, and everything happens silently while the victim is unaware.

MANDATORY WARNING if you still hold assets on a CEX

1️⃣ Enable a passkey for Gmail
So that there is a warning every time there is a login on a new device. Note: if hackers also take control of the main device (PC/phone), it is still very dangerous.

2️⃣ Enable the withdrawal whitelist on the CEX
→ Only allow withdrawals to pre-defined wallets
→ This is an extremely important layer of protection

3️⃣ ABSOLUTELY do not back up your authenticator to email
This is a mistake many people make without knowing it.

Remember: if you cannot control your main device (PC, laptop, phone) and hackers take control of it without you detecting them, losing your assets is just a matter of time, and no CEX can save you.

Hope you stay safe!